Kaltura (KLTR) Risk Analysis

The markets in which we compete are characterized by rapid technological change, frequent introductions of new products, services, features and capabilities, and evolving industry standards and regulatory requirements. Our ability to grow our customer base and increase our revenue will depend in significant part on our ability to develop or otherwise introduce new products and solutions; develop or otherwise introduce new features, integrations, capabilities, and other enhancements to our existing offerings on a timely basis; interoperate across an increasing range of devices, operating systems, and third-party applications; and determine the right focus and prioritization, both in terms of our products roadmap and business focus. The success of any new products or solutions, or enhancements to our existing offerings, will depend on a number of factors including, but not limited to, the timeliness and effectiveness of our research and product development activities and go-to-market strategy, our ability to identify the appropriate technological development paths, our ability to anticipate customer needs and achieve market acceptance, our ability to manage the risks associated with new product releases, the effective management of development and other spending in connection with the product development process, and the availability of other newly developed products and technologies by our competitors and by any other third parties that may introduce disruptive technologies. In addition, in connection with our product development efforts, we may introduce significant changes to our existing products or solutions, or develop or otherwise introduce new and unproven products or solutions, integrate new technologies such as AI models, including technologies with which we have little or no prior development or operating experience. This risk is amplified as we invest more heavily in AI-based technologies that rely on advanced algorithms and third-party large language models, potentially exposing us to new, and potentially novel, trade secret misappropriation or intellectual property disputes. These new products, solutions and updates may not perform as expected, may fail to engage our customer base or other end users of our products, or may otherwise create a lag in adoption of such new products. New products may initially suffer from performance and quality issues that may negatively impact our ability to market and sell such products to new and existing customers or harm our reputation. We have in the past experienced bugs, errors, or other defects or deficiencies in new products and product updates and delays in releasing new products, deployment options, and product enhancements and may have similar experiences in the future. As a result, some of our customers may either defer purchasing our offerings until the next upgrade is released or switch to a competitor if we are not able to keep up with technological developments. To keep pace with technological and competitive developments we have in the past invested, and may in the future invest, in the acquisition of complementary businesses, technologies, services, products, and other assets that expand our offerings. We may make these investments without being certain that they will result in products or enhancements that will be accepted by existing or prospective customers or that will achieve market acceptance or successfully integrate with our existing products. The short- and long-term impact of any major change to our offerings, or the introduction of new products or solutions, is particularly difficult to predict. If new or enhanced offerings fail to engage our customer base or other end users of our products, or do not perform as expected, we may fail to generate sufficient revenue, operating margin, or other value to justify our investments in such products, any of which may adversely affect our reputation and negatively affect our business in the short-term, long-term, or both. If we are unable to successfully enhance our existing offerings to meet evolving customer requirements, increase adoption and use cases of our offerings, develop, or otherwise introduce new products and solutions and quickly resolve security vulnerabilities or other errors or defects, or if our efforts in any of these areas are more expensive or involved than we expect, our business, financial condition, and results of operations would be adversely affected.

We make a version of our Media Services, Kaltura Community Edition ("Kaltura CE"), available to the public at no charge under an open source license, the Affero General Public License version 3.0 ("AGPL"). Although Kaltura CE does not include many widely used Kaltura applications, it can be used on a self-hosted basis as a standalone video platform. The AGPL grants licensees broad freedom to view, use, copy, modify and redistribute the source code of Kaltura CE. Anyone can download a free copy of this version of our platform from the internet, and we neither know who all of our AGPL licensees are, nor have visibility into how Kaltura CE is being used by licensees, so our ability to detect violations of the open source license is extremely limited. Additionally, even if we become aware of any violations, open source licenses, including the AGPL, have not been widely interpreted by courts, leading to uncertainty surrounding any ability to enforce such licenses. The AGPL is a "copyleft" license, requiring that any redistribution by licensees of Kaltura CE, or any modifications or adaptations to Kaltura CE, be made pursuant to the AGPL as well. This leads some commercial enterprises to consider AGPL-licensed software to be unsuitable for commercial use. However, the AGPL would not prevent a commercial licensee from taking this open source version of our platform under AGPL and using it solely for internal purposes for free. AGPL also would not prevent a commercial licensee from taking this open source version of our platform under AGPL and using it to compete in our markets by providing it to others for free. This competition can develop without the degree of overhead and lead time required by traditional proprietary software companies, due to the permissions allowed under AGPL. It is also possible for competitors to develop their own software based on Kaltura CE. Although this software would also need to be made available for free under the AGPL, it could reduce the demand for and put pricing pressure on our offerings. We cannot guarantee that we will be able to compete successfully against current and future competitors, some of which may have greater resources than we have, or that competitive pressure or the availability of new open source software will not result in price reductions, reduced operating margins, and loss of market share. Any of the foregoing could harm our business, financial condition, results of operations and cash flows.

We rely on computer systems, hardware, software, technology infrastructure and online sites and networks for both internal and external operations that are critical to our business,including our platform, products and solutions (collectively, "IT Systems"). We own and manage some of these IT Systems but also rely on third parties for a range of IT Systems and related products and services. Our IT Systems, and those of third parties providers we rely on, are inherently complex and, despite testing and quality control, have in the past and may in the future contain bugs, defects, security vulnerabilities, misconfigurations, errors, or other performance failures, especially when first introduced and when upgraded with additional new features and capabilities, or otherwise not perform as intended. Any such bug, defect, security vulnerability, misconfiguration, error, or other performance failure could cause damage to our reputation, loss of customers or revenue, remediation costs, order cancellations, service terminations, and lack of market acceptance of our offerings. As the use of our offerings among new and existing customers expands, particularly to more sensitive, secure, or mission critical uses, we may be subject to increased scrutiny, potential reputational risk, or potential liability should our offerings fail to perform as contemplated in such deployments. We have in the past and may in the future need to issue corrective releases of our software to fix these defects, errors, or performance failures, which could require us to allocate significant research and development and customer support resources to address these problems. Despite our efforts, such corrections may take longer to develop and release than we or our customers anticipate and expect. Any limitation of liability provision contained in an agreement with a customer, user, third-party vendor, service provider, or partner may not be enforceable, adequate or effective as a result of existing or future applicable law or judicial decisions and may not function to limit our liability arising from regulatory enforcement or other specific circumstances. The sale and support of our offerings entail the risk of liability claims, which could be substantial in light of the use of our offerings in enterprise-wide environments. Furthermore, our ability to include such limitation of liability provisions may be limited and such provisions, even if included, could include various exclusions. In addition, our insurance against any such liability may not be adequate to cover a potential claim, and may be subject to exclusions, or subject us to the risk that the insurer will deny coverage as to any future claim or exclude from our coverage such claims in policy renewals, increase our fees or deductibles or impose co-insurance requirements. Any such bugs, defects, security vulnerabilities, misconfigurations, errors, or other performance failures in IT Systems, including as a result of denial of claims by our insurer or the successful assertion of claims by others against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, results of operations and reputation.

Our platform, products and solutions are often operated in large-scale, complex information technology environments. Our customers require training and experience in the proper use of, and the benefits that can be derived from, our offerings in order to maximize their potential. If users of our offerings do not implement, use, or update them correctly or as intended, actual or perceived inadequate performance and/or security vulnerabilities may result. Because our customers rely on our software to manage a wide range of operations, the incorrect implementation or use of, or our customers' failure to update, our software, or our failure to train customers on how to use our software productively, may result in customer dissatisfaction and negative publicity, which may adversely affect our reputation and brand. Our failure to effectively provide training and implementation services to our customers could result in lost opportunities for follow-on sales to these customers and decrease subscriptions by new customers, which would adversely affect our business, financial condition, results of operations and growth prospects.

We receive, collect, store, process, transfer, share and otherwise use or host information about individuals and/or that constitutes "personal data," "personal information," "personally identifiable information," or similar terms under applicable data privacy laws (collectively, "Personal Information"), including data relating to users of our offerings, our employees and contractors, and other persons. We have legal and contractual obligations regarding the protection of confidentiality and appropriate use of certain data, including Personal Information and other sensitive information about individuals. We are subject to numerous federal, state, local, and international laws, directives, and regulations regarding privacy, data protection, and data security and the collection, storing, sharing, use, processing, transfer, disclosure, disposal, and protection of Personal Information and other data, the scope of which are changing, subject to differing interpretations, and may be inconsistent among jurisdictions or conflict with other legal and regulatory requirements. We are also subject to certain contractual obligations to customers and other third parties related to privacy, data protection and data security. The regulatory framework for privacy, data protection and data security worldwide is, and is likely to remain for the foreseeable future, uncertain, complex and lacking worldwide unified standards, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that we do not anticipate or that is inconsistent from one jurisdiction to another and may conflict with other legal obligations or our practices. Further, any significant change to applicable laws, regulations or industry practices regarding the collection, use, retention, hosting, security, processing, transfer or disclosure of Personal Information, or their interpretation, or any changes regarding the manner in which the consent of users or other data subjects for the collection, use, retention, security, processing, transfer or disclosure of such Personal Information must be obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to receive, collect, store, host, process, transfer, and otherwise use user data or develop new services and features. Further, there has been a substantial increase in legislative activity and regulatory focus on data privacy and security in the United States and elsewhere, including in relation to cybersecurity incidents. In addition, some such requirements place restrictions on our ability to process Personal Information across our business or across country borders. In the United States, the FTC and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. Such standards require us to publish statements that describe how we handle Personal Information and choices individuals may have about the way we handle their Personal Information. If such information that we publish is considered untrue or inaccurate, we may be subject to government claims of unfair or deceptive trade practices, which could lead to significant liabilities and consequences. Moreover, according to the FTC, violating consumers' privacy rights or failing to take appropriate steps to keep consumers' Personal Information secure may constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act. State consumer protection laws provide similar causes of action for unfair or deceptive practices. Further, data privacy advocates and industry groups have regularly proposed and sometimes approved, and may propose and approve in the future, self-regulatory standards with which we must legally comply or that contractually apply to us. Our communications with our clients are subject to certain laws and regulations, including the Controlling the Assault of Non-Solicited Pornography and Marketing Act (the "CAN-SPAM Act"), the Telephone Consumer Protection Act (the "TCPA"), and the Telemarketing Sales Rule and analogous state laws, that could expose us to significant damages awards, fines and other penalties that could materially impact our business. For example, the TCPA imposes various consumer consent requirements and other restrictions in connection with certain telemarketing activity and other communication with consumers by phone, fax or text message. The CAN-SPAM Act and the Telemarketing Sales Rule and analogous state laws also impose various restrictions on marketing conducted use of email, telephone, fax or text message. As laws and regulations, including FTC enforcement, rapidly evolve to govern the use of these communications and marketing platforms, the failure by us, our employees or third parties acting at our direction to abide by applicable laws and regulations could adversely impact our business, financial condition and results of operations or subject us to fines or other penalties. Various other U.S. federal privacy laws are relevant to our business, including the Family Educational Rights and Privacy Act ("FERPA") and the Children's Online Privacy Protection Act ("COPPA"), While we are not directly subject to FERPA or COPPA, our contracts with certain educational institution customers impose obligations on us related to FERPA and COPPA. Any actual or perceived failure to comply with these laws could result in a costly investigation or litigation resulting in potentially significant liability, injunctions and other consequences, loss of trust by our users, and a material and adverse impact on our reputation and business. In addition, many state legislatures have adopted legislation that regulates how businesses operate online, including measures relating to privacy, data security, and data breaches. For example, the CCPA, provides data privacy rights for California residents and imposes operational requirements on covered companies, such as obligations to provide disclosures to California residents and receive and respond to data privacy rights requests. An amendment to the CCPA created a state agency to oversee implementation and enforcement efforts, potentially resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply. The CCPA marked the beginning of a trend toward more stringent data privacy legislation in the United States, which could also increase our potential liability and adversely affect our business, with "copycat" laws or other similar laws being passed or proposed in numerous states across the country. This legislation may add additional complexity, variation in requirements, restrictions, and potential legal risk, require additional investment in resources to compliance programs, could impact strategies and availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies. In addition, some laws may require us to notify governmental authorities and/or affected individuals of data breaches involving certain personal information or other unauthorized or inadvertent access to or disclosure of such information. We may need to notify governmental authorities and affected individuals with respect to such incidents. For example, laws in all 50 U.S. states may require businesses to provide notice to consumers whose personal information has been disclosed as a result of a data breach. These laws are not consistent with each other, and compliance in the event of a widespread data breach may be difficult and costly. We also may be contractually required to notify consumers or other counterparties of a security incident, including a breach. Regardless of our contractual protections, any actual or perceived security incident or breach, or breach of our contractual obligations, could harm our reputation and brand, expose us to potential liability or require us to expend significant resources on data security and in responding to any such actual or perceived breach. In addition, in the EU and the UK, we are subject to the European Union General Data Protection Regulation (the "EU GDPR") and to the United Kingdom General Data Protection Regulation and UK Data Protection Act 2018 (collectively, the "UK GDPR") (the EU GDPR and UK GDPR together referred to as the "GDPR"). The GDPR imposes comprehensive data privacy compliance obligations in relation to our collection, use, sharing, disclosure and other processing of personal data relating to an identified or identifiable individual or "personal information" (or "personal data"), including a principle of accountability and the obligation to demonstrate compliance through policies, procedures, training and audit. Among other requirements, the GDPR regulates the transfer of personal information outside of the European Economic Area ("EEA") and the UK to third countries that have not been found to provide adequate protection for such personal information, including the United States. We are certified under the EU-US Data Privacy Framework ("DPF") and currently rely on the DPF and on the UK Extension to the DPF to transfer certain personal information from the EEA and the UK, accordingly, to the United States to the extent the transfer is made to a DPF certified entity. We also rely on the EU standard contractual clauses ("SCCs") and the UK Addendum to the SCCs, as relevant, to transfer personal information outside the EEA and the UK with respect to both intragroup and third party transfers. We expect the existing legal complexity and uncertainty regarding international personal information transfers to continue. In particular, we expect the European Commission approval of the DPF for data transfers to certified entities in the United States to be challenged and further interpreted and developed, and international transfers to the United States and to other jurisdictions more generally to continue to be subject to enhanced scrutiny by regulators. As the regulatory guidance and enforcement landscape in relation to data transfers continue to develop, we could suffer additional costs, complaints and/or regulatory investigations or fines; we may have to stop using certain tools and vendors, implement alternative data transfer mechanisms and/or take additional compliance and operational measures; and/or it could otherwise affect the manner in which we provide our services, and could adversely affect our business, operations and financial condition. Since we are subject to the supervision of relevant data protection authorities under both the EU GDPR and the UK GDPR, we could be fined under each of these regimes independently in respect of the same breach. Penalties for certain breaches are up to the greater of €20 million / GBP 17.5 million or 4% of global annual turnover for the preceding financial year for the most serious violations. The GDPR also provides for a right to compensation for material or non-material damage claimed by individuals. In addition to the foregoing, a breach of the GDPR could result in regulatory investigations, reputational damage, orders to cease or change our processing of our data, enforcement notices and/or assessment notices (for a compulsory audit). We are also subject to evolving EU and UK privacy laws on cookies, tracking technologies and e-marketing. Recent European court and regulator decisions are driving increased attention to cookies and tracking technologies. If the trend of increasing enforcement by regulators of the strict approach to opt-in consent for all but essential use cases, as seen in recent guidance and decisions continues, this could lead to additional costs, require systems changes, limit the effectiveness of our marketing and personalization activities, divert the attention of our technology personnel, adversely affect our margins, increase costs and subject us to additional liabilities. There can be no assurances that we will be successful in our efforts to comply with such laws; violations of such laws could result in regulatory investigations, fines, orders to cease or change our use of such technologies, as well as civil claims including class actions, and reputational damage.

We are subject to taxation in several countries, including the United States and Israel; changes in tax laws or tax rulings, changes in interpretations of existing tax laws, challenges to our tax positions could adversely affect our business, results of operations, and financial condition. As such, we are subject to tax laws, regulations, and policies of the U.S. federal, state, and local governments and of comparable taxing authorities in foreign jurisdictions. Changes in tax laws or tax rates in these jurisdictions could cause us to experience fluctuations in our tax obligations and effective tax rates in the future and otherwise adversely affect our tax positions and/or our tax liabilities. For example, the Inflation Reduction Act of 2022 enacted in the United States introduced, among other changes, a 15% corporate minimum tax on certain United States corporations and a 1% excise tax on certain stock redemptions by United States corporations. To the extent that these or other changes have a negative impact on us or our consumers, including as a result of related uncertainty, these changes may materially and adversely impact our business, financial condition, results of operations and cash flow. There can be no assurance that our effective tax rates, tax payments, tax credits, or incentives will not be adversely affected by changes in tax laws in various jurisdictions.In addition, the Organization for Economic Cooperation and Development ("OECD"), with the support of the G20, initiated the base erosion and profit shifting ("BEPS") project in 2013 in response to concerns that changes were needed to international tax laws. In November 2015, the G20 finance ministers adopted final BEPS reports designed to prevent, among other things, the artificial shifting of income to low-tax jurisdictions, and legislation to adopt and implement the standards set forth in such reports has been enacted or is currently under consideration in a number of jurisdictions. In May 2019, the OECD published a "Programme of Work," which was divided into two pillars. Pillar One focused on the allocation of group profits among taxing jurisdictions based on a market-based concept rather than the historical "permanent establishment" concept. Pillar Two, among other things, introduced a global minimum tax. In October 2021, 137 member jurisdictions of the G20/OECD Inclusive Framework on BEPS joined the "Statement on a Two-Pillar Solution to Address the Tax Challenges Arising from the Digitalisation of the Economy" which sets forth the key terms of such Two-Pillar Solution, including a reallocation of taxing rights among market jurisdictions under Pillar One and a global minimum tax rate of 15% under Pillar Two. The agreement reached by 137 of the 140 members of the OECD's Inclusive Framework on BEPS targeted law enactment to take effect in 2023 with applicability from fiscal years beginning on or after December 31, 2023. On December 20, 2021, the OECD published model rules to implement the Pillar Two rules with commentary to those rules released in March 2022 and administrative guidance published in February 2023 and July 2022. The model rules, commentary and guidance allow the OECD's Inclusive Framework members to begin implementing the Pillar Two rules in accordance with the agreement reached in October 2021. Numerous countries have enacted, or are in the process of enacting, legislation to implement Pillar Two model rules. As the Two-Pillar Solution is subject to implementation by each member country, the timing and ultimate impact of any such changes on our tax obligations is uncertain. These changes, if and when enacted, by various countries in which we do business may increase our taxes in these countries. The foregoing tax changes and other possible future tax changes may have an adverse impact on us, our business, financial condition, results of operations and cash flow. Recently, the Trump administration has proposed a number of changes to the U.S. tax system. Many aspects of these proposals are unclear or undeveloped and we are unable to predict which, if any, U.S. tax reform proposals will be enacted into law, and what effects any enacted legislation might have on our effective tax rate and tax obligations. In addition, the Trump administration has indicated that the United States may impose retaliatory measures with respect to jurisdictions that have, or are likely to, put in place tax rules that are extraterritorial or disproportionately affect U.S. companies. The likelihood of these changes being enacted or implemented is unclear. We are currently unable to predict whether such changes will occur and, if so, the ultimate impact on our business.

Our total revenue for the years ended December 31, 2024 and 2023 was $178.7 million and $175.2 million, respectively, representing an annual growth rate of 2%. You should not rely on the revenue growth of any prior period as an indication of our future performance. As we operate in new and rapidly changing markets, widespread adoption and use of our platform, products and solutions is critical to our future growth and success. We believe our revenue growth will depend on a number of factors, including, among other things, our ability to: - attract new customers and maintain our relationships with, and increase revenue from, our existing customers;- provide excellent customer and end user experiences;- maintain the security and reliability of our platform, products and solutions;- introduce and grow adoption of our offerings in new markets outside the United States;- hire, integrate, train and retain skilled personnel;- adequately expand our sales force and distribution channels;- continually enhance and improve our platform, products and solutions, including the features, integrations and capabilities we offer, and develop or otherwise introduce new products and solutions, and keep pace with the technological developments predominantly around AI-based technologies and use cases;- obtain, maintain, protect and enforce intellectual property protection for our platform and technologies;- expand into new technologies, industries and use cases;- expand and maintain our partner ecosystem;- comply with existing and new applicable laws and regulations, including those related to AI, data privacy and security;- price our offerings effectively and determine appropriate contract terms;- determine the most appropriate investments for our limited resources;- successfully compete against established companies and new market entrants;- increase awareness of our brand on a global basis; and - timely and efficiently adapt to changes in customer demand, trends, global and local macro and micro economic conditions, new technologies or offerings by our competitors or other market disruptions. If we are unable to accomplish any of these objectives, our revenue could be impaired or decline in future periods. Many factors may contribute to declines in our growth rate, including slower market penetration, increased competition, slowing demand for our offerings, a failure by us to capitalize on growth opportunities, the maturation of our business, failure to deliver under our commitments or to satisfy customer expectations, global or regional economic downturns, including as a result of the continuing geopolitical tensions and active armed conflicts, and failure to adapt to such downturns, among others. While market demand for our offerings was growing at a robust rate prior to the COVID-19 pandemic, we have since experienced a slowdown as the effects of the COVID-19 pandemic have weakened and as a result of the current volatile economic climate. As a result, it is difficult to evaluate our current business and future prospects and any of the risks highlighted herein or other adverse circumstances may increase the risk that we will not be successful. If our business, operations and financial results decline as a result of any of the factors described above, investors' perceptions of our business and the market price of our common stock could be adversely affected. In addition, our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by growing companies in rapidly changing industries that may prevent us from achieving the objectives outlined above. If we fail to achieve the necessary level of efficiency in our organization, or if we are not able to accurately forecast future growth and other changes that might impact our business, such as changes in our existing customers' budgets, our business would be adversely affected. Moreover, if the assumptions that we use to plan our business, such as customer demand for our new AI-driven offerings or applicable growth and decline trends, are incorrect, or change in reaction to changes in our market, or if we are unable to maintain consistent revenue or revenue growth, the market price of our common stock could be volatile, and it may be difficult to achieve and maintain profitability.

Our customer agreements typically contain service-level commitments, indemnification and other liabilities. If we are unable to meet the stated service-level commitments, including failure to meet the uptime and response time requirements under our customer agreements, we may be contractually obligated to provide these customers with service credits or damages, or customers could elect to terminate and receive refunds for prepaid amounts related to unused subscriptions, either of which could significantly affect our revenue in the periods in which the failure occurs and the credits are applied or refunds paid out. In addition, customer terminations or any reduction in renewals resulting from service-level failures could significantly affect both our current and future revenue. In addition, the agreements we enter into with our TV Solution customers typically provide for committed delivery schedules and milestones with which we are required to comply in connection with the deployment of our offerings. The deployment process for our TV Solution offering is often complex, and our ability to comply with our obligations under these agreements depends on a variety of factors both within and outside of our control, including the timely performance of front-end software developers and other third-parties. If we fail to meet our committed delivery schedules and milestones, we could be subject to contractual penalties, including liquidated damages, as well as breach of contract claims, which could result in litigation and cause us to incur additional costs, including in the form of additional damages or settlement payments. Affected customers may also elect to terminate their agreements with us. Furthermore, any service-level failures or failure to meet committed delivery schedules and milestones could also create negative publicity and damage our reputation, which may discourage prospective customers from adopting our offerings. In addition, if we modify the terms of our contractual commitments in future customer agreements in a manner customers perceive to be unfavorable, demand for our offerings could be reduced. The occurrence of these or any of the events discussed above could have a significant adverse effect on our business, financial condition, results of operations and cash flow, as well as our ability to grow our business.

The nature of our activities and our global presence and operations expose us to global and local macro and micro effects, including the effects of global economic trends such as the current global economic volatility, rising inflation, rising interest rates, price increases, armed conflicts in various regions including the Middle East and Eastern Europe, political changes and their impact on the economic markets, decrease in our customers' spend or available budget that causes decline in demand, up-sales or subscription renewals, and other adverse effects that might have direct or indirect effects on our business and results of operations that are hard to predict, monitor or assess. Such developments have caused and may continue to cause uncertainties and high volatility with respect to our estimated or expected results of operations, may develop differently from our estimations and expectations, and could have an adverse effect on our business, results of operations and financial condition. In addition, the current economic climate has resulted in, among other things, longer sale cycles and increased price driven competition, including through initiation of bid processes, which has adversely affected our ability to retain our existing customers and our ability to generate renewals and up-sales. We expect these trends to continue in the near-term. If we are unable to retain our existing customer base or to obtain new customers at reasonable prices, our revenue could be eroded or might even decline, and as a result our business, financial condition, results of operations and prospects will be adversely affected.

Our platform, products and solutions address the needs of customers and end users around the world, and we see continued international expansion as a significant opportunity. For the years ended December 31, 2024, 2023 and 2022, we generated approximately 47%, 48% and 46% of our revenue, respectively, from customers outside the United States. Our customers, end users, employees and partners are located in a number of different jurisdictions worldwide, and we expect our operations to become more globally diversified. Our current international operations involve, and future initiatives will also involve, a variety of risks, including: - unexpected changes in practices, tariffs, export quotas, custom duties, trade disputes, tax laws and treaties, particularly due to economic tensions and trade negotiations or other trade restrictions;- potential changes in the foreign affairs and trade policies of the countries in which we operate or do business, including the imposition of significant increases in tariffs on goods imported into the United States and corresponding retaliatory actions by the countries with which the Unites States trades;- different labor regulations, especially in the European Union, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage and overtime regulations in these locations;- exposure to many evolving stringent and potentially inconsistent laws and regulations relating to privacy, data protection, and information security, particularly in the European Union;- changes in a specific country's or region's political or economic conditions, including in connection with the Russian invasion of Ukraine, the armed conflict in the Middle East and Red Sea area involving Israel, Hamas, Hezbollah and the Houthi movement, and political or armed tension in other regions;- risks resulting from changes in currency exchange rates;- challenges inherent to efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits and compliance programs;- difficulties in maintaining our corporate culture with a dispersed workforce;- risks relating to the implementation of exchange controls, including restrictions promulgated by the United States Department of the Treasury's Office of Foreign Assets Control ("OFAC"), the Bureau of Industry and Security (BIS) at the United States Department of Commerce, and other similar trade protection regulations and measures in the United States, EU, UK, or in other jurisdictions;- reduced ability to timely collect amounts owed to us by our customers in countries where our recourse may be more limited;- slower than anticipated availability and adoption of cloud infrastructures by international businesses, which would increase our on-premise deployments;- limitations on our ability to reinvest or transfer earnings from operations derived from one country to fund the capital needs of our operations in other countries;- limited or unfavorable-including greater difficulty in enforcing-intellectual property protection;- exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended, and similar applicable laws and regulations in other jurisdictions; and - risks resulting from a pandemic, epidemic, or outbreak of infectious disease, such as resurgence of COVID-19 or its variants, including uncertainty regarding what measures the U.S. or foreign governments will take in response. If we are unable to address these difficulties and challenges or other problems encountered in connection with our international operations and expansion, we might incur unanticipated liabilities or we might otherwise suffer harm to our business generally.

We currently depend on various third parties for some of our software development efforts, quality assurance, operations, and customer support services. Specifically, we outsource some of our software development and design, quality assurance, and operations activities to third-party contractors that have employees and consultants located in Europe (including Poland, Czech Republic, Ukraine and Belarus) and other locations. Our dependence on third-party contractors creates a number of risks, in particular, the risk that we may not maintain development quality, control, or effective management with respect to these business operations. In addition, poor relations between the United States and Russia, economic sanctions and export control restrictions imposed by the United States, the European Union ("EU"), the United Kingdom ("UK") and other countries targeting Russia, Belarus, and the embargoed areas of Ukraine, including as a result of the Russian invasion of Ukraine, and any further escalation of political tensions or economic instability in the area could have an adverse impact on our third-party software development in Ukraine and Belarus. In particular, increased tensions between the United States, the North Atlantic Treaty Organization including the UK and the EU member states and Russia as a result of the invasion of Ukraine by Russia, have increased the threat of armed conflict, cyberwarfare and economic instability that could disrupt or delay the operations of our resources in those countries, disrupt or delay our communications with such resources or the flow of funds to support their operations, or otherwise render our resources unavailable. Moreover, some of our personnel and third party service providers reside in Ukraine and are subject to the impacts of the ongoing war, including risk of injury or death, destruction of infrastructures, lack of electricity, connectivity and basic living conditions, or be subject to Russian occupation. We anticipate that, absent any adverse developments, we will continue to engage with third party service providers and maintain those relationships in order to grow our business for the foreseeable future. If we are unsuccessful in maintaining existing and, where needed, establishing new relationships with third parties, our ability to efficiently operate existing services or develop new services and provide adequate customer support could be impaired or become more expensive, and, as a result, our competitive position or our results of operations could suffer.